From 84acb73d451cc09b7bb287f6882ca32b176d4a6c Mon Sep 17 00:00:00 2001
From: Yannick Marcon
Date: Wed, 29 Nov 2023 21:13:37 +0100
Subject: [PATCH] fix: make sure openid config uses https scheme when not localhost
---
 .../obiba/agate/service/ConfigurationService.java | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/agate-core/src/main/java/org/obiba/agate/service/ConfigurationService.java b/agate-core/src/main/java/org/obiba/agate/service/ConfigurationService.java
index 5308f3ed..c24c8c81 100644
--- a/agate-core/src/main/java/org/obiba/agate/service/ConfigurationService.java
+++ b/agate-core/src/main/java/org/obiba/agate/service/ConfigurationService.java
@@ -122,10 +122,14 @@ public String getBaseURL(HttpServletRequest request) {
 String baseURL;
 if (Strings.isNullOrEmpty(host))
 baseURL = getPublicUrl();
- else if (Strings.isNullOrEmpty(getContextPath()))
- baseURL = String.format("%s://%s", request.getScheme(), host);
- else
- baseURL = String.format("%s://%s%s", request.getScheme(), host, getContextPath());
+ else {
+ // enforce https scheme for non localhost connection
+ String scheme = host.startsWith("localhost:") || host.startsWith("127.0.0.1:") ? request.getScheme() : "https";
+ if (Strings.isNullOrEmpty(getContextPath()))
+ baseURL = String.format("%s://%s", scheme, host);
+ else
+ baseURL = String.format("%s://%s%s", scheme, host, getContextPath());
+ }
 return baseURL;
 }
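Review bot: Forcing `https` pins the scheme, but `host` is still copied into the base URL unchecked in both `String.format` calls, so the OpenID configuration built from it inherits whatever that value is. `host` is assigned above this hunk (getBaseURL starts outside it); if it is read from the `Host` or a forwarded-host request header, it is client-supplied and should be compared with the host of `getPublicUrl()` or a configured allowlist, falling back to `getPublicUrl()` on mismatch. The loopback test is also narrower than its comment suggests, because a bare `localhost` or `127.0.0.1` without a port and the IPv6 loopback form are treated as remote and forced to https. Something like `boolean loopback = host.equals("localhost") || host.startsWith("localhost:") || host.equals("127.0.0.1") || host.startsWith("127.0.0.1:") || host.startsWith("[::1]");` would cover those cases.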